Key issues: Whistleblower bounty program

The first full-year annual report of whistleblower tip data from the Office of the Whistleblower as mandated by the Dodd-Frank Act is available. There was only one financial award paid out in 2012. It was $50,000 to a whistleblower whose tip led to a $1 million court order in sanctions.

A point of significant discussion relating to these rules was whether the SEC would require a whistleblower to report first to the company - before reporting to the SEC. In the end, the final rules don’t require a whistleblower to report to the company first, but they encourage doing so by building in certain incentives. For example:

• Reporting internally first could increase the size of a reward
• If the whistleblower reports first to the company, any information derived from the company’s own resulting investigation accrues to the credit of the whistleblower if the company then self-reports the incident to the SEC within 120 days of the internal submission by the whistleblower

The potential for significant bounties could incent more employees to be alert for possible violations, which could mean companies may ultimately have to investigate many more allegations. This directly impacts audit committees, given their mandate to oversee whistleblower hotlines. Management should actively encourage employees to report concerns internally — ideally instead of, but at least before, reporting to the SEC — so the company can address any issues.

Investigating allegations can be complicated and time-consuming, and the new rules may be particularly challenging for a company that does not have a well-developed and well-organized program in place.

Among the questions audit committees may want to discuss with management regarding the whistleblower bounty program:

• Is the company promoting compliance with the regulations among its employees at all levels?
• Is management reviewing the current internal hotline process for any needed improvements?
• Is there an investigation action plan in place? If so, does it include guidance on evaluating the substance and nature of an allegation, determining whether it requires further investigation and identifying who should lead the investigation?
• Are there enough dedicated personnel to handle more tips?
• Has the company identified the independent resources and advisors it may need to consult, and does it have policies as to when they should be retained?

PwC perspective "While the SEC's final rules on Dodd-Frank's whistleblower provisions did not require reporting to the company first, the regulator did build in incentives for the whistleblower to do just that. With a larger bounty offered if an issue is first reported to the company, the whistleblower is protected and the company has a chance to investigate on its own. " — Mary Ann Cloyd, Leader, Center for Board Governance

Learn what PwC has to say about the Whistleblower bounty program:

• BoardroomDirect – December 2012 (Corporate disclosure, financials lead 2012 whistleblower tips)
• To the point – Summer 2011 (How to prepare for whistleblower investigations)

Additional information about the Whistleblower Bounty Program:

• SEC: Annual Report on the Dodd-Frank Whistleblower Program, Fiscal Year 2011
• SEC: Annual Report on the Dodd-Frank Whistleblower Program, Fiscal Year 2012